Privileges

You can manage who can do what with your Coveo Cloud organization by assigning access levels on privileges when you define groups or API keys (see Manage Groups and Manage API Keys). See which access levels are available for each privileges in the tables below.

In the Coveo Cloud V2 administration console, privileges are grouped by service. Group members that are granted an access level for privilege typically gain access to one or more related administration console main menu pages and related API calls. For most privileges, the available access levels are View and Edit. Members with the View access level on a privilege can only review the configuration of a resource. To edit the configuration and access the child panels of a main menu page, the Edit access level is usually required. Similarly, the ability to create new resources is automatically granted with the Edit access level, unless, for Sources, you opt for a Custom access level, in which case you can choose whether to grant it or not (see Custom).

Although most privilege names may be similar to the options in the Coveo Cloud V2 administration console navigation menu, a View or Edit access level on a privilege alone is not necessarily sufficient to view or edit the corresponding page content. Other privileges may be required to view or edit the content of an administration console page. See the Required Privileges section at the bottom of the documentation page corresponding to the desired administration console page for a list of all required privileges.
The minimal privilege to allow members of a group to access any Coveo Cloud administration console main menu page is the Organization privilege from the Organization service (see Organization Privilege).

When your Coveo Cloud organization members do not have the minimal View access level on the Organization privilege and try to log in to the Coveo Cloud V2 administration console, they get the following message:

Insufficient privileges

You currently have insufficient privileges to access the Coveo Cloud administration console of the [OrganizationName] organization. Contact an administrator of the [OrganizationName] organization to change your privileges, or select an organization to which you have access through the Coveo Cloud administration console.

The API keys, Groups, Sources, and Extensions privileges offer the Custom access level option, which allows you to grant each API key, source, or group its own access level (see API Keys Privilege, Sources Privilege, and Groups Privilege). For instance, you could grant your SharePoint Administrators group the Edit access level for your SharePoint sources, but only the View level for the other sources in the organization. Moreover, when you select the Custom access level option for Sources, you can decide whether the grantee (group or API key) should also be able to create new API keys or sources, respectively.

The Administrators group cannot be deleted, and its privileges cannot be edited (see Delete a Group). You can however duplicate the Administrators group, and then edit the desired parameters for the new group (see Duplicate a Group).
Privileges have nothing to do with view permissions on source items (see Coveo Cloud V2 Management of Security Identities and Item Permissions). Coveo Cloud organization privileges allow you to control who can do what through the Coveo Cloud administration console or API, while permissions on source items, dependent on your source configuration, determine which end-users can see what items in search results.

When you edit the privileges of a group or an API key, your options may vary. For each privilege, the access levels you can grant depend on the access level you have yourself, as well as the level that was last saved (see Groups and API Keys). In short, the list of access levels from which you can choose generally consists of the last saved access level, the access level you have, and the access levels of lesser importance than those.

The following table summarizes the available access levels in each scenario, assuming you have the Edit access level for the group or API key of which you want to edit the privileges:

Access level you have	Last saved access level	Access levels you can grant the group or API key
None	None	N/A (you cannot change the access level)
None	View all	None or View all
None	Custom	None, View all, or Custom¹
None	Edit all	None, View all, or Edit all
View all	None or View all	None or View all
View all	Custom	None, View all, or Custom
View all	Edit all	None, View all, or Edit all
Custom	None, View all, or Custom	None, View all, or Custom
Custom	Edit all	None, View all, Custom, or Edit all
Edit all	Any	None, View all, Custom, or Edit all

Note 1: In this scenario, albeit with Custom selected, you cannot view the list of sources available in the organization, as you do not have the View all access level on Sources (see Sources privilege).

This table also applies for privileges that do not offer the Custom access level option, such as Fields (see Fields privilege).

You are allowed to edit the Content Viewers group. This group has the View all access level for the Fields privilege, while you have Edit all. When changing the group’s access level for this privilege, you can choose from your access level, those of lesser importance, and the original group’s access level, i.e., Edit all, View all, or no access at all.

However, after switching from a higher access level to a lower level, you may not be able to grant the higher level again if you are not yourself granted this higher access level.

You are allowed to edit groups and to view fields, and you want to revoke the ability of the Content Manager group to edit fields. Since your access level options for the Field resource consist in the last saved access level (Edit), the access level you have (View), and the access levels of lesser importance than those (no access), you can choose from Edit, View, and no access at all. You switch the Fields access level from Edit to View and save, so the last saved access level is now View. Then, the next time you edit the privileges of the Content Manager group, your access level options for Fields are only View and no access at all, since you do not have the Edit access level on Fields yourself.

Similarly, if only one of your groups grants you a higher access level on a certain resource and you edit this group’s privileges to select a lower access level for this resource, you will permanently lose the higher access level after saving.

You are a member of the Group Managers group, which is the only one of yours that grant you the privilege to edit groups. You no longer want the Group Managers group to be able to edit groups, so you switch its Groups access level to View. Once you save, you lose your ability to edit groups and are only able to view them, as Group Managers was the only group that granted you the Edit access level on Groups.

When a user is a member of groups that have conflicting privilege access levels, the highest granted access level applies.

John Smith is a member of the Analytics Viewers and the custom-made Limited Administrators groups. The following table shows an excerpt of the privileges granted to both groups.

Service	Name	`Analytics Viewers` access levels	`Limited Administrators` access levels
Analytics	Administrate	(None)	Allowed
	Analytics data	View	Edit
	Data Exports	View	Edit
	Dimensions	View	Edit
	Impersonate	Allowed	(None)

Since the first four privilege access levels granted to the Limited Administrators group are of a higher level than those granted to the Analytics Viewers group, these Limited Administrators privilege access levels apply to John Smith. Therefore, John Smith can edit dimensions, for instance, even though he is also in the Analytics Viewers group, which is not allowed to perform dimension edits.

As for the Impersonate privilege, however, the Analytics Viewers group has the Allowed access level while the Limited Administrators group does not. Consequently, John Smith is granted the Allowed access level.

The following tables shows the resulting privileges granted to John Smith.

Service	Name	`John Smith`'s access levels
Analytics	Administrate	Allowed
	Analytics data	Edit
	Data Exports	Edit
	Dimensions	Edit
	Impersonate	Allowed

Moreover, when you edit the privileges of a group or an API key, a Discard changes button () appears on the right-hand side of the privilege rows you modified, allowing you to revert all changes made for this privilege. In the service menu on the left-hand side, a number between parentheses indicates the number of edited privilege rows in the corresponding service that will be saved when you click Save.

Two unsaved privileges in the Content service

The following sections correspond to the services and privileges displayed in the Privilege tab you see when creating or editing a group or an API key (see Groups - Page and API Keys - Page). They present the abilities that come with each access level option for a privilege. For each privilege, the Typical grantees column shows which of the built-in groups are granted each level by default: Administrators, Analytics Managers, Analytics Viewers, Content Managers, Relevance Managers, and Users (see About Coveo Cloud V2 User Management). See also About Coveo Cloud V2 User Management for a list of the default access levels granted to each built-in role.

Analytics Service

Administrate Privilege

Access level	Grantee abilities	Typical grantees
Allowed	Manage the organization usage analytics data: Add and delete test usage analytics data in the account Edit, get, delete, and disable the organization account Define IP addresses whose events are flagged as internal (see Administration API - Version 15 and Internal Events) This privilege is especially potent since grantees can delete usage analytics data and could inadvertently corrupt it as well. Administrators should be careful when granting this privilege and are encouraged to review the Coveo Cloud privilege documentation before proceeding.	Administrators API keys

Analytics Data Privilege

Access level	Grantee abilities	Typical grantees
View	View reports (see Managing Usage Analytics Reports) View dimensions (see Managing Dimensions on Custom Metadata) View named filters (see Managing Named Filters) View permission filters (see Managing Permission Filters) View usage analytics data exports (see Managing Data Exports) View Coveo Machine Learning models (see Coveo Machine Learning Models)	Analytics managers Analytics viewers Relevance managers
Push	Send analytics events to the Coveo usage analytics service (see Manage API Keys)	OAuth tokens, API keys, and search tokens assigned to a process such as a search interface
Push and view	View reports (see Managing Usage Analytics Reports) View dimensions (see Managing Dimensions on Custom Metadata) View named filters (see Managing Named Filters) View permission filters (see Managing Permission Filters) View usage analytics data exports (see Managing Data Exports) View Coveo Machine Learning models (see Coveo Machine Learning Models) Send analytics events to the Coveo usage analytics service (see Manage API Keys)	Administrators

Data Exports Privilege

The Data exports privilege access levels are ineffective without the View access level on the Analytics data privilege (see Analytics Data Privilege).

Access level	Grantee abilities	Typical grantees
View	View and download usage analytics data exports containing clicks, groups, keywords, searches, and custom events meeting the specified criteria for a specific date range (see Managing Data Exports)
Edit	Add, edit, or delete analytics data exports from the specified user visits (see Managing Data Exports) Review user visits (see Reviewing User Visits With the Visit Browser)	Administrators Analytics managers Analytics viewers Relevance managers

Dimensions Privilege

The Dimensions privilege access levels are ineffective without the View access level on the Analytics data privilege (see Analytics Data Privilege).

Access level	Grantee abilities	Typical grantees
View	View dimensions (see Managing Dimensions on Custom Metadata). View reports (see Managing Usage Analytics Reports) View named filters (see Managing Named Filters) View permission filters (see Managing Permission Filters)	Analytics viewers
Edit	Add, edit, or delete dimensions created by Coveo Cloud organization members (see Managing Dimensions on Custom Metadata).	Administrators Analytics managers

Impersonate Privilege

Access level	Grantee abilities	Typical grantees
Allowed	Allow a custom process or bot to push usage analytics events with different identities.	Administrators API keys

Incoherent Events Privilege

Access level	Grantee abilities	Typical grantees
View	View incoherent events (see Reviewing Incoherent Usage Analytics Events)	Administrators

Metric Alerts Privilege

Required to use an upcoming feature. Granting it to users or groups does not give them any additional capabilities yet.

Named Filters Privilege

The Named filters privilege access levels are ineffective without the View access level on the Analytics data and Dimensions privileges (see Analytics Data Privilege and Dimensions Privilege).

Access level	Grantee abilities	Typical grantees
View	View named filters (see Managing Named Filters)	Analytics viewers Users
Edit	Add, edit, or delete named filters (see Managing Named Filters)	Administrators Analytics managers Relevance managers

Permission Filters Privilege

The Permission filters privilege access levels are ineffective without the View access level on the Analytics data and Dimensions privileges (see Analytics Data Privilege and Dimensions Privilege).

Access level	Grantee abilities	Typical grantees
View	View permission filters restricting the usage analytics data that analysts can review in reports (see Managing Permission Filters) Without the View access level, you cannot see the permissions filters that are assigned to your identity in reports.	Analytics viewers Analytics managers Relevance managers Users
Edit	Add, edit, or delete permission filters (see Managing Permission Filters) The Edit access level is ineffective without the View access level on the Groups privilege (see Groups Privilege).	Administrators

Reports Privilege

The Reports privilege access levels are ineffective without the View access level on the Analytics data and Dimensions privileges (see Analytics Data Privilege and Dimensions Privilege).

Access level	Grantee abilities	Typical grantees
View	View usage analytics reports (see Reviewing and Managing Dashboards and Reviewing and Managing Usage Analytics Explorers)	Analytics viewers
Edit	Add, edit, or delete usage analytics reports (see Managing Usage Analytics Reports) The Edit access level is ineffective without the Allowed access level on the Administrate privilege (see Administrate Privilege).	Administrators Analytics managers Relevance managers

Suggest Queries Privilege

Access level	Grantee abilities	Typical grantees
Allowed	Allow a process such as a search interface to receive query suggestions from the Coveo Usage Analytics service (see About Usage Analytics Service Query Suggestions)	Administrators API keys

View All Reports Privilege

Access level	Grantee abilities	Typical grantees
Allowed	View all reports, regardless of report accesses (see Managing Usage Analytics Report Access in Reports). Members that do not have this access level can only review the reports they are explicitly allowed to access. This privilege is especially potent since grantees bypass report permissions and could therefore access sensitive information that they would not be allowed to access otherwise. Administrators should be careful when granting this privilege and are encouraged to review the Coveo Cloud privilege documentation before proceeding.	Administrators Analytics managers

Content Service

Extensions Privilege

Access level		Grantee abilities	Typical grantees
View		View the code and usage statistics of available extensions assigned to sources. This is especially useful when troubleshooting cases such as item indexing issues (see Manage Extensions).
Custom¹	View	View the code and usage statistics of the specified extensions. This is especially useful when troubleshooting cases such as item indexing issues (see Manage Extensions).
Custom¹	Edit	Add code snippets to apply transformations to included items such as adding or modifying metadata (see Manage Extensions). It is recommended to grant this privilege to developers only.
Edit		Add code snippets to apply transformations to included items such as adding or modifying metadata (see Manage Extensions). It is recommended to grant this privilege to developers only.	Administrators Content managers

Note 1: See Custom Access Level.

Fields Privilege

Access level	Grantee abilities	Typical grantees
View	View fields and field configuration (see Manage Fields )	Users
Edit	Add, edit, or delete fields (see Manage Fields ) Add, update, or delete fields in batches (see Creating Fields)	Administrators API keys Content managers

Security Identities Privilege

The Security identities privilege access levels are ineffective without the View access level on the Security identity providers privilege (see Security Identity Providers Privilege).

Access level	Grantee abilities	Typical grantees
View	View security identity provider update status, statistics, and refresh schedule (see Manage Security Identities) View security identity provider references such as provider IDs and the sources that use each provider (see Review Additional Statistics) View the permissions and effective permissions on Coveo Cloud organization items (see Review Item Properties) View security identities and their status inside each security provider
Edit	Only required by certain API calls (e.g., enable all disabled entities in security cache). Granting it to users or groups does not give them any additional capabilities.	Administrators

Security Identity Providers Privilege

Access level	Grantee abilities	Typical grantees
View	View security identity provider update status, statistics, and refresh schedule (see Manage Security Identities) View security identity provider references such as provider IDs and the sources that use each provider (see Review Additional Statistics) View security identities and their status inside each security provider
Edit	Refresh security identity providers (see Refresh a Security Identity Provider and Refresh All Security Identities) Edit security identity provider refresh schedules (see ) Edit provider JSON configuration (see Manage Advanced Security Identity Provider Parameters)	Administrators

Sources Privilege

To review source content in the Content Browser, you must have the Allowed access level on the Execute queries privilege (see Inspect Items With the Content Browser and Execute Queries Privilege).
When a group has the View access level for some or all sources, the corresponding sources are grayed out in the Sources page (see Manage Sources).
Unlike for other resources, the ability to create sources can be granted without the Edit access level. When granting privileges, you can therefore grant a group or API key the View all or Custom access level for sources and check the Can Create checkbox to allow users to create sources.

Access level		Grantee abilities	Typical grantees
View all		View all sources (see Manage Sources) View configuration of all sources View all source logs (see Log Browser) Subscribe to source notifications (see User Notifications)	Users
Custom¹	View	View source (see Manage Sources) View source configuration View source logs (see Log Browser) Subscribe to source notifications (see User Notifications)
Custom¹	Edit	Edit or delete specific sources (see Add or Edit a Source) Edit specific source refresh schedules (see Edit a Source Schedule) Edit specific source mappings (see Manage Source Mappings) Launch, pause, resume, and cancel specific source updates (see Refresh, Rescan or Rebuild Sources) Use the push API to send content to Coveo Cloud (see Push API) Subscribe to source notifications (see User Notifications)
Edit all		Add all sources (see Add or Edit a Source) Edit or delete all sources (see Add or Edit a Source) Edit all source refresh schedules (see Edit a Source Schedule) Edit all source mappings (see Manage Source Mappings) Launch, pause, resume, and cancel all source updates (see Refresh, Rescan or Rebuild Sources) Use the push API to send content to Coveo Cloud (see Push API) Subscribe to source notifications (see User Notifications)	Administrators API keys Content managers

Note 1: See Custom Access Level.

Machine Learning Service

Models Privilege

You cannot view and edit Coveo Machine Learning models without the following access levels:

View access level on the Analytics data privilege (see Analytics Data Privilege)
View access level on the Dimensions privilege (see Dimensions Privilege)
View and Edit access levels on the Query pipelines privilege (see Query Pipelines Privilege)

Access level	Grantee abilities	Typical grantees
View	Review the list of Coveo Machine Learning models inside the organization query pipelines (see Manage Models)
Edit	Add, edit, or delete query pipeline models, and thus optimize search results relevance and search experience in general (see Managing Coveo Machine Learning Automatic Relevance Tuning Models in a Query Pipeline, Managing Coveo Machine Learning Query Suggestions Models in a Query Pipeline, and Managing Coveo Machine Learning Event Recommendations Models in a Query Pipeline)	Administrators Relevance managers

Organization Service

API Keys Privilege

This privilege is only available when configuring groups, as API keys cannot be granted access rights to view or edit other API keys (see Manage Groups).
When members of a group have the View access level for some or all API keys, the corresponding keys are grayed out in the API Keys page (see View and Edit).

Access level		Grantee abilities	Typical grantees
View all		View in read-only mode the configuration of all API keys (see Manage API Keys).	Content managers Relevance managers
Custom¹	View	View in read-only mode the configuration of specific API keys (see Manage API Keys).
Custom¹	Edit	Edit, delete, activate, and disable specific API keys (see Manage API Keys and Custom Access Levels)
Edit all		Add, edit, delete, activate, and disable all API keys (see Manage API Keys and Custom Access Levels)	Administrators

Note 1: See Custom Access Level.

Activities Privilege

Access level		Grantee abilities	Typical grantees
View		View all organization activities (see Review All Events Related to Coveo Cloud Administration Console Resources) A member with the View access level could see activities from administration console pages for which they are not granted any access levels.	Content managers Relevance managers
Edit		Send custom activities to Coveo Cloud V2 (see Add or Edit a Push Source)	Administrators API keys

Elasticsearch Indexes Privilege

This privilege is only available in organizations with an Elasticsearch index (see License).

Access level		Grantee abilities	Typical grantees
View		View index status (see Index Status) View index details (see Review Index Details)
Edit		Add an index (see Add an Index) Edit the JSON configuration of an index (see Edit an Index JSON Configuration)	Administrators

Groups Privilege

Grant the Edit or Edit all access level for the Groups privilege only to a few people, ideally the authority in your company that manages access rights in corporate systems.

When members of a group have the View access level for some or all groups, the corresponding groups are grayed out in the Groups page (see View and Edit).

Access level		Grantee abilities	Typical grantees
View all		View all groups, including their privileges (see Manage Groups) View organization members (see Manage Members)	Analytics managers
Custom¹	View	View groups, including their privileges (see Manage Groups)	Content managers Relevance managers² Users³
Custom¹	Edit	Copy, edit, or delete groups and members (see Duplicate a Group, Edit a Group, and Delete a Group) Edit group member privileges (see Privileges Tab) Send invitations to users (see Manage Groups, and Manage Members)	Relevance managers² Users³
Edit all		Copy, edit, or delete all groups and their members (see Duplicate a Group, Edit a Group, and Delete a Group) Edit privileges of all groups (see Privileges Tab) Send invitations to users (see Manage Groups and Manage Members)	Administrators

Note 1: See Custom Access Level.

Note 2: By default, members of the Relevance Managers built-in group can edit this group only. This allows them to invite other people in the Relevance Managers group, but not in other groups.

Note 3: By default, members of the Users built-in group can edit this group only. This allows them to invite other people in the Users group, but not in other groups.

Notifications Privilege

Access level		Grantee abilities	Typical grantees
View		View organization notifications (see Manage Notifications)
Edit		Edit and delete organization notifications (see Manage Notifications)	Administrators

On-Premises Organization Privilege

This privilege is required by the Coveo On-Premises Crawling Module API keys only (see Coveo On-Premises Crawling Module and Manage API Keys). Granting it to users or groups does not give them any additional capabilities.

Organization Privilege

Access level Grantee abilities Typical grantees

View

Access level	Grantee abilities	Typical grantees
View	Access the Coveo Cloud administration console (see Coveo Cloud V2 Administration Console) Without the View access level, an organization member gets the following message when trying to log in to the administration console (see Logging in to Coveo Cloud V2): `Insufficient Privileges - You currently have insufficient privileges to access the Coveo Cloud administration console of the [OrganizationName] organization. Contact an administrator of the [OrganizationName] organization to change your privileges, or select an organization to which you have access through the Coveo Cloud administration console.` View the organization status and license type (see License).	Analytics managers Analytics viewers Content managers Relevance managers Users
Edit	Edit the organization display name and contact (see Profile) Delete the organization (see Profile) Allow Coveo Professional Services access to the organization (see Profile)	Administrators

Access the Coveo Cloud administration console (see Coveo Cloud V2 Administration Console)

Without the View access level, an organization member gets the following message when trying to log in to the administration console (see Logging in to Coveo Cloud V2):

Insufficient Privileges - You currently have insufficient privileges to access the Coveo Cloud administration console of the [OrganizationName] organization. Contact an administrator of the [OrganizationName] organization to change your privileges, or select an organization to which you have access through the Coveo Cloud administration console.
View the organization status and license type (see License).

Analytics managers
Analytics viewers
Content managers
Relevance managers
Users

Edit

Edit the organization display name and contact (see Profile)
Delete the organization (see Profile)
Allow Coveo Professional Services access to the organization (see Profile)

Administrators

SAML Identity Provider Privilege

Access level		Grantee abilities	Typical grantees
View		View SAML single sign-on settings (see Coveo Cloud V2 SAML SSO)
Edit		Configure SAML single sign-on for the organization and edit the single sign-on settings	Administrators

Snapshots Privilege

Required to use an upcoming feature. Granting it to users or groups does not give them any additional capabilities yet.

Search Service

Execute Queries Privilege

Access level	Grantee abilities	Typical grantees
Allowed	For organization members and API keys to send queries and get search results in search pages connected to their Coveo Cloud organization (see Searching with Coveo Cloud).	Administrators API keys Content managers Relevance managers Users

Impersonate Privilege

Access level	Grantee abilities	Typical grantees
Allowed	Obtain a search token for a search interface with secured content to perform queries with the end-user identity and return only results the user is authorized to see. This privilege is especially potent since grantees can impersonate any user and access in search results the content accessible to this user. Grantees could therefore access sensitive items that they cannot normally access in the original repositories. Administrators should be careful when granting this privilege and are encouraged to review the Coveo Cloud privilege documentation before proceeding.	Administrators API keys

Modify Authentication Provider Privilege

Access level	Grantee abilities	Typical grantees
Allowed	Manage authentication for secured sources such as when they are protected with SharePoint claims-based identities.	Administrators API keys

Query Pipelines Privilege

You cannot view and edit Coveo Machine Learning models without the View access level on the Models (requires the Edit access level to manage models), Analytics data, and Dimensions privileges (see Privileges).

Access level	Grantee abilities	Typical grantees
View	View query pipelines (see What Is a Query Pipeline? and Managing Query Pipelines): View query pipeline rules (see Managing Query Pipeline Rules and Rule Conditions From Tabs) View query pipeline rule conditions (see Managing Query Pipeline Rules and Rule Conditions From Tabs) View A/B tests (see Managing A/B Tests)
Edit	Optimize results relevance and search experience in general: Add, edit, or delete query pipelines (see What Is a Query Pipeline? and Managing Query Pipelines) Add, edit, or delete query pipeline rules (see Managing Query Pipeline Rules and Rule Conditions From Tabs) Add, edit, or delete query pipeline rule conditions (see Managing Query Pipeline Rules and Rule Conditions From Tabs) Add, edit, or delete A/B tests (see Managing A/B Tests)	Administrators Relevance managers

Access level

Grantee abilities

Typical grantees

View

View query pipelines (see What Is a Query Pipeline? and Managing Query Pipelines):
View query pipeline rules (see Managing Query Pipeline Rules and Rule Conditions From Tabs)
View query pipeline rule conditions (see Managing Query Pipeline Rules and Rule Conditions From Tabs)
View A/B tests (see Managing A/B Tests)

Edit

Optimize results relevance and search experience in general:

Add, edit, or delete query pipelines (see What Is a Query Pipeline? and Managing Query Pipelines)
Add, edit, or delete query pipeline rules (see Managing Query Pipeline Rules and Rule Conditions From Tabs)
Add, edit, or delete query pipeline rule conditions (see Managing Query Pipeline Rules and Rule Conditions From Tabs)
Add, edit, or delete A/B tests (see Managing A/B Tests)

Administrators
Relevance managers

Salesforce Index Configuration Privilege

Access level	Grantee abilities	Typical grantees
View	Link a Coveo Cloud organization to a Salesforce organization that uses a Salesforce index.	Administrators
Edit

Access level

Grantee abilities

Typical grantees

View

Link a Coveo Cloud organization to a Salesforce organization that uses a Salesforce index.

Administrators

Edit

Search Pages Privilege

Access level		Grantee abilities	Typical grantees
View		Access the search pages hosted by the Coveo Cloud organizations of which a user is a member	Users
Edit		Add or delete hosted search pages (see Manage Search Pages) Edit hosted search pages, i.e., Customize search page interfaces (see Customize the Interface of a Search Page) Edit search page configurations (see Manage Search Pages)	Administrators

View All Content Privilege

Access level		Grantee abilities	Typical grantees
Allowed		Browse all the content of a Coveo Cloud organization index, and thus be able to troubleshoot search issues (see Inspect Items With the Content Browser). This privilege is especially potent since grantees bypass the content permissions and could therefore access sensitive items that they cannot normally access in the original repositories. Administrators should be careful when granting this privilege and are encouraged to review the Coveo Cloud privilege documentation before proceeding.	Administrators